NixOS 24.05: umask boot partition

This commit is contained in:
Daniel Langbein 2024-07-12 22:57:37 +02:00
parent 849985d849
commit 65a0f7bf2f
2 changed files with 6 additions and 0 deletions


@ -30,6 +30,7 @@
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/81A5-B98A"; { device = "/dev/disk/by-uuid/81A5-B98A";
fsType = "vfat"; fsType = "vfat";
options = [ "umask=0077" ];
}; };
fileSystems."/mnt/backup" = fileSystems."/mnt/backup" =
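Review bot: The added `options = [ "umask=0077" ];` carries no comment in this file, while the same change in the other host's file explains the systemd-boot random-seed warning it addresses. Because /boot is vfat, the mount mask is the only thing that sets permissions there, so the reason is worth keeping next to the option. A one-line comment would do, e.g. `# umask=0077: FAT has no on-disk permissions; the mask keeps /boot and the random seed file root-only`.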


@ -30,6 +30,11 @@
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/072E-897D"; { device = "/dev/disk/by-uuid/072E-897D";
fsType = "vfat"; fsType = "vfat";
# Fixes the error
# systemd-boot-random-seed.service: Mount point '/boot' which backs the random seed file is world accessible, which is a security hole!
# TODO: Do this with disko. Example: https://github.com/wimpysworld/nix-config/blob/0cc52f746d5c5fec9d8edea5391661da811eb08f/nixos/tanis/disks.nix#L17
# TODO: Add this to other NixOS hosts.
options = [ "umask=0077" ];
}; };
fileSystems."/mnt/data" = fileSystems."/mnt/data" =
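Review bot: The `TODO: Add this to other NixOS hosts` leaves the fix as a per-host copy, so any host that is missed keeps a world-accessible /boot and random seed file. If the hosts with an ESP at /boot import a common module (not visible here), setting `fileSystems."/boot".options = [ "umask=0077" ];` there once would cover them; the list should merge with per-host values, but that is worth confirming with `findmnt /boot` after a reboot. The comment could also say what the option does rather than only which message it silences, e.g. `# umask=0077: files and directories on the FAT /boot become root-only`.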